![\"ssh\"](\"https:\/\/www.uk-cheapest.co.uk\/support\/wp-content\/uploads\/2015\/04\/ssh-150x150.png\")
The WordPress Pingback Vulnerability is used to maliciously attack your WordPress site via the Pingback service.<\/p>\nThe WordPress Pingback Vulnerability is used to maliciously attack your WordPress site via the Pingback service.<\/p>\n
If the attack is heavy enough then not only will your site be seriously slowed if not inaccessible) but your server will also be overloaded with requests thus risking your shared hosting account altogether.<\/p>\n
This type of attack is usually instigated via a botnet of many hundreds (if not thousands) of different IP addresses so a simply blocking the IP address of the attacker is not practical.<\/p>\n
If you are under attack right now then there are actions you can take to minimise (if not nullify) the effect of attack.<\/p>\n
We can do this by adding a “deny” to “xmlrpc.php” in your .htaccess file. This will disable the your WordPress site from participating\u00a0with the\u00a0pingback requests.<\/p>\n
Add the following to the top of your .htaccess file:<\/p>\n
<files xmlrpc.php>\r\norder deny, allow\r\ndeny from all\r\n<\/files><\/pre>\nThe attack will now have less effect on your server load.<\/p>\n
Once the attack is over, you may remove deny code if you need XMLRPC services active on your WordPress site. There’s a 95% chance you can leave it there with no noticeable\u00a0effect at all.<\/p>\n
Blocking the DDOS\u00a0Attack using CSF<\/h2>\n
If you use CSF, you may still want to block the IP addresses of the attacking botnet. It’s quite easy to do.<\/p>\n
Here is a bash one-liner that will do the job for you in real-time:<\/p>\n
tail -f \/var\/www\/vhosts\/yourdomain.com\/logs\/access_log | grep \"\\\"WordPress\/\" | grep -v \"POST \" | awk '{print $1}' | while read IP; do \/usr\/sbin\/csf -td $IP 7d BlockPingback; done<\/pre>\nThere is some satisfaction in\u00a0having the IPs permanently blocked.\u00a0You can add the resulting IP block to your deny files on all servers and accounts.<\/p>\n
It does make sense as all the attacking WordPress sites are clearly compromised and will no longer be a problem (for you at least) if permanently blocked from your server.<\/p>\n","protected":false},"excerpt":{"rendered":"